Writing
Notes on building MCP that survives production.
Practical analysis of Model Context Protocol — security, compliance, and architecture — written for the people who have to deploy it, not just read about it.
Putting MCP into production: what the NSA's security guidance actually says
A federal security agency just published design guidance for Model Context Protocol. Here are the weak points it names — and the engineering practice that closes each one.
Putting MCP into production in the UK: the NCSC's guidance, and what UK data law expects
For a UK organisation, the secure way to build an MCP integration is also the compliant and sovereignty-preserving way. The NCSC's guidance and UK data law, mapped onto a real deployment.
MCP in UK financial services: govern it under the rules you already have
There is no AI rulebook coming, and the FCA has said so. Here is how operational resilience, the SM&CR, SYSC and the Critical Third Parties regime already apply to an MCP build.